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Exhibit A 
tzlasOl . sql 



$Header: tzlasOl.sql 



REMARK >>>> Set System Variables For Current SQLPlus Session 

SET FEEDBACK 1 

SET NUMWIDTH 10 

SET PAGES IZE 2 4 

SET LINESIZE 80 

SET TRIMSPOOL ON 

SET TAB OFF 

SET DEFINE 1 * 1 

SET ECHO ON 



CONNECT LBACSYS/LBACSYS 



Create two SA policies 
EXECUTE SA_SYSDBA. CREATE_POLICY ( 1 SA1 ' , ' SA1_C0L ' , ' ALL_CONTROL ' ) ; 
EXECUTE SA_SYSDBA . CRE ATE_POL I CY ( 1 SA2 ' , 1 SA2_COL 1 , ' NO_CONTROL ' ) ; 

-- Initialize PUBLIC labels for them 

EXECUTE SA_LABELS . CREATE_LEVEL ( 1 SA1 ' , 0 , 1 PUBLIC ' , ' PUBLIC Level ' ) ; 
EXECUTE SA_LABELS . CREATE_LEVEL ( 1 SA2 ' ,0, ' PUBLIC 1 , ' PUBLIC Level ' ) ; 

EXECUTE SA_LABEL_ADMIN . CREATE_LABEL ( ' sal ' , 10 , 1 public 1 ) ; 
EXECUTE SA_LABEL_ADMIN . CREATE_LABEL ( ' sa2 ■ , 10 , ' public 1 ) ; 

Setup some labels for policy SA1 
EXECUTE SA_L ABELS . CREATE_LEVEL ( 1 sal ' , 10 , 1 c 1 , 1 confidential 1 ) ; 
EXECUTE SA_L ABELS . CREATE_LEVEL ( ' sal ' , 2 0 , ' s ' , ' SECRET 1 ) ; 
EXECUTE SA_LABELS . CREATE_LEVEL ( ' sal 1 , 3 0 , ' ts 1 , 1 Top Secret 1 ) ; 

EXECUTE SA_L ABELS . CREATE_COMPARTMENT ('sal 1 , 5 , 1 A ' , 1 ALPHA ' ) ; 
EXECUTE SA_LABELS . CREATE_COMPARTMENT ( ' sal 1 , 10, 1 b • , ' beta ' ) ; 

EXECUTE SA_L ABELS . CREATE_GROUP ( 1 sal ' , 5 , ' Gl ' , ' group 1 ' ) ; 
EXECUTE. SA_L ABELS . CREATE_GROUP ( ' sal ' , 51, ' G2 ' , 1 group 2 ' , ' Gl ' ) ; 
EXECUTE SA_L ABELS . CREATE_GROUP ( ' sal ' , 52 , ' G3 ' , 1 group 3 ' , 1 Gl ' ) ; 

EXECUTE SA_LABEL_ADMIN . CREATE_LABEL ( 1 sal ' , 2 0 0 , ' c 1 ) ; 

EXECUTE SA_LABEL_ADMIN . CREATE_LABEL ( 1 sal ' , 225 , ' C :b, a ' ) ; 

EXECUTE SA_LABEL_ADMIN . CREATE_LABEL ( ' sal ' , 210 , ' C : a ' ) ; 

EXECUTE SA_LABEL_ADMIN . CREATE_LABEL ( 1 sal ' , 205 , 'C: : g2 ' ) ; 

EXECUTE SA_LABEL_ADMIN . CREATE_LABEL {'sal 1 , 3 0 0 , ' s ' ) ; 

EXECUTE SA_LABEL_ADMIN . CRE ATE_LAB E L ( ' sal 1 , 3 10 , ' s : a ' ) ; 

-- Generate some labels 

SELECT LABEL_TO_CHAR (TO_SA_LABEL ( ' s al ' , ' c : a : gl ' ) ) FROM DUAL; 
SELECT LABEL_TO_CHAR (TO_SA_LABEL ( ' sal ' , ' s : a, b ' ) ) FROM DUAL ; 
SELECT LABEL_TO_CHAR (TO_SA_LABEL ( 1 sal ' , ' public : a : gl ' ) ) FROM DUAL ; 



COL POL I CY_NAME FORMAT A15 

COL LABEL FORMAT A20 

SELECT * FROM DBA_SA_LABELS ; 



coi labelvalue format a2 0 
col policy_name format alO 
SELECT * from dba_sa_labels ; 

-- Set user labels 

EXECUTE SAJQSER_ADMIN. SET_LEVELS ( ' sal ' , 1 scott ' , 1 S ' , ' c 1 ) ; 

EXECUTE SA_USER_ADMIN . SET_COMPARTMENTS ( 1 sal 1 , 'scott', 'a,b'); 

EXECUTE SA_USER_ADMIN. SET_GROUPS ( ' sal ' , 1 scott ' , ' Gl 1 ) ; 

SELECT * FROM dba_sa_user_levels ORDER BY policy_name ; user_name; 

SELECT * FROM dba_sa_user_compartments ORDER BY policy_name, user_name; 

SELECT * f ROM dba_sa_user_groups ORDER BY policy_name, user_jname; 

-- Look at session labels 
CONNECT scott/tiger 

create or replace FUNCTION get_list (pol IN VARCHAR2) 
RETURN VARCHAR2 IS 

test_list lbacsys . lbac_label_list ; 
begin 

test_list : =lbac_session. ef f ective_labels (pol) ; 

RETURN label_list_to_named_char <test_list, 'effective') ; 
END; 
/ 

select get_list ( 1 sal ' ) from dual; 
select get_list ( 1 sa2 ' ) from dual; 



